Systems and methods for authenticated peer-to-peer data transfer using resource locators

ABSTRACT

An authenticated data transfer system may include generating, after entry of one or more processors of a transmitting device into a communication field, a link, the link comprising a near field communication data exchange format uniform resource locator including identifier data and user data; transmitting, to a first application comprising instructions for execution on a first device, the link to initiate data transfer; authenticating a user associated with the first device by activating one or more actions based on the link; transmitting one or more requests for confirmation of quantity and recipient data associated with the data transfer; receiving one or more notifications that are based on the one or more requests for confirmation of quantity and recipient data associated with the data transfer; and performing one or more login credentials that are responsive to the one or more notifications so as to complete the data transfer.

FIELD OF THE DISCLOSURE

The present disclosure relates to systems and methods for peer-to-peerdata transfers, and in particular, authenticated peer-to-peer datatransfer using resource locators.

BACKGROUND

When two peer devices are not already connected through an existingnetwork, peer-to-peer data transfers may be cumbersome. This is becauseboth peer devices must be registered with and configured forcommunication on the same network in order to accomplish the transfer.In addition, configuring and scheduling the transfer of data may bedetrimental to the user experience. Security risks are also present, andmay include risks associated with data integrity and vulnerability whencrossing between platforms, and the misidentification of an account bythe use of an email address or other account identifier. These risks andshortcomings may reduce user demand for cross-application communicationand inhibit the functionality and efficiency of cross-applicationcommunications.

These and other deficiencies exist. Accordingly, there is a need forsystems and methods for peer-to-peer data transfer that provide enhancedsecurity and an improved user experience.

SUMMARY OF THE DISCLOSURE

Embodiments of the present disclosure provide an authenticated datatransfer system, including a contactless card comprising a processor anda memory. After entering a communication field, the processor may beconfigured to dynamically generate a uniform resource locator (URL). TheURL may include a first set of information including abstractedidentifier information. The URL may include a second set of informationincluding user information. The processor may be configured to transmitthe URL to initiate data transfer. The data transfer may be completedupon verification of a received response and confirmation of a third setof information associated with the data transfer.

Embodiments of the present disclosure provide a method of authenticatingdata transfer. The method may include dynamically generating, afterentry of one or more processors of a transmitting device into acommunication field, the link comprising a near field communication dataexchange format uniform resource locator including identifier data anduser data. The method may include transmitting, to a first applicationcomprising instructions for execution on a first device, the link toinitiate data transfer. The method may include authenticating a userassociated with the first device by activating one or more actions basedon the link. The method may include transmitting one or more requestsfor confirmation of quantity and recipient data associated with the datatransfer. The method may include receiving one or more notificationsthat are based on the one or more requests for confirmation of quantityand recipient data associated with the data transfer. The method mayinclude performing one or more login credentials that are responsive tothe one or more notifications so as to complete the data transfer.

Embodiments of the present disclosure provide a computer readablenon-transitory medium comprising computer-executable instructions that,when executed by a processor, perform procedures comprising the stepsof: dynamically generating, after entry of a contactless card into acommunication field, a link, the link comprising a first set ofinformation and a second set of information, the first set ofinformation including identifier information, the second set ofinformation including user information; transmitting, to a firstapplication comprising instructions for execution on a first device, thelink to initiate data transfer; identifying a user associated with thefirst device by activating one or more actions based on the link, theone or more actions configured to request confirmation of a third set ofinformation associated with the data transfer; and transmitting one ormore responses based on authentication of the third set of informationso as to complete the data transfer.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments of the present disclosure, together with furtherobjects and advantages, may best be understood by reference to thefollowing description taken in conjunction with the accompanyingdrawings.

FIG. 1 depicts an authenticated data transfer system according to anexemplary embodiment.

FIG. 2A is an illustration of a contactless card according to anexemplary embodiment.

FIG. 2B is an illustration of a contact pad of the contactless cardaccording to an exemplary embodiment.

FIG. 3 depicts a method of authenticating data transfer according to anexemplary embodiment.

FIG. 4 depicts a method of initiating and authenticating data transferaccording to an exemplary embodiment.

FIG. 5 depicts another method of initiating and authenticating datatransfer according to an exemplary embodiment.

DETAILED DESCRIPTION

The following description of embodiments provides non-limitingrepresentative examples referencing numerals to particularly describefeatures and teachings of different aspects of the invention. Theembodiments described should be recognized as capable of implementationseparately, or in combination, with other embodiments from thedescription of the embodiments. A person of ordinary skill in the artreviewing the description of embodiments should be able to learn andunderstand the different described aspects of the invention. Thedescription of embodiments should facilitate understanding of theinvention to such an extent that other implementations, not specificallycovered but within the knowledge of a person of skill in the art havingread the description of embodiments, would be understood to beconsistent with an application of the invention.

As disclosed herein, a user may use their card to for seamlessidentification and to also initiate a data transfer. A resource locator,such as a uniform resource locator (URL), internet resource locator(IRL), uniform resource identifier (URI), uniform resource name (URN),or other resource locator, may include abstracted identificationinformation, including but not limited to an account or user identifierfor a cardholder, which is loaded onto the chip at the time ofpersonalization of the card. The abstracted identification informationmay be generated for each transaction, such as the dynamically generatedURL.

Without limitation, the identification information may be generated onthe card by combining a unique identifier with one or more variables,such as a counter, one or more cryptographic algorithms, and/or anycombination thereof. For example, the one or more cryptographicalgorithms may include an encryption technique, such as public orprivate key encryption, that would also be known by a server forauthentication. Without limitation, exemplary symmetric key algorithmsmay include symmetric key encryption such as DES (Data EncryptionStandard), Triple DES, or AES (Advanced Encryption Standard). Withoutlimitation, exemplary asymmetric key algorithms may include asymmetricpublic key encryption, digital signature algorithm, or RSA(Rivest-Shamir-Adleman).

In some examples, the peer-to-peer data transfer may be initiated andauthenticated through a website. In other examples, the peer-to-peerdata transfer may be initiated and authenticated through an application.The systems and methods disclosed herein minimize the exposure ofidentification information or other personal information and providegreater security.

Example embodiments of the present disclosure provide improvements tothe limitations in the user experience to set up and coordinatedifferent types of data transfer, and mitigate or eliminate securityrisks, such as those associated with crossing between platforms,misidentification of an account by email address, authentication of therequested transfer of data, and validity of device recognition.Accordingly, the systems and methods disclosed herein improve uponexisting implementations by coordinating customized peer-to-peer datatransfer that addresses these limitations and provides enhanced securitybenefits and an improved user experience.

FIG. 1 illustrates an authenticated data transfer system 100. Theauthenticated data transfer system 100 may comprise a transmittingdevice 105, a first application 110, a second application 115, a network120, a server 125, and a database 130. Although FIG. 1 illustratessingle instances of components of system 100, system 100 may include anynumber of components.

System 100 may include a transmitting device 105. The transmittingdevice 105 may comprise a contactless card, a contact-based card, anetwork-enabled computer, or other device described herein. As furtherexplained below in FIGS. 2A-2B, transmitting device 105 may include oneor more processors 102, and memory 104. Memory 104 may include one ormore applets 106 and one or more counters 108. Transmitting device 105may be in data communication with one or more devices 112, 117. Forexample, transmitting device may transmit data via network 120 to clientdevices 112, 117. In some examples, transmitting device 105 may beconfigured to transmit data via network 120 to client device 117 afterentry into one or more communication fields of client devices 112, 117.Without limitation, transmitting device 105 may be configured totransmit data to client devices 112, 117 after one or more entries intothe one or more communication fields of client devices 112, 117, the oneor more entries associated with a tap, a swipe, a wave, and/or anycombination thereof.

System 100 may include a first application 110. For example, firstapplication 110 may comprise instructions for execution on a firstdevice 112. First application 110 may be in communication with anycomponents of system 100. For example, first device 112 may execute oneor more applications, such as first application 110, that enable, forexample, network and/or data communications with one or more componentsof system 100 and transmit and/or receive data. The first device 112 mayinclude one or more processors 113 coupled to memory 114. For example,first device 112 may be a network-enabled computer. As referred toherein, a network-enabled computer may include, but is not limited to acomputer device, or communications device including, e.g., a server, anetwork appliance, a personal computer, a workstation, a phone, ahandheld PC, a personal digital assistant, a contactless card, a thinclient, a fat client, an Internet browser, or other device. First device112 also may be a mobile device; for example, a mobile device mayinclude an iPhone, iPod, iPad from Apple® or any other mobile devicerunning Apple's iOS® operating system, any device running Microsoft'sWindows® Mobile operating system, any device running Google's Android®operating system, and/or any other smartphone, tablet, or like wearablemobile device.

The first device 112 may include processing circuitry and may containadditional components, including processors, memories, error andparity/CRC checkers, data encoders, anticollision algorithms,controllers, command decoders, security primitives and tamperproofinghardware, as necessary to perform the functions described herein. Thefirst device 112 may further include a display and input devices. Thedisplay may be any type of device for presenting visual information suchas a computer monitor, a flat panel display, and a mobile device screen,including liquid crystal displays, light-emitting diode displays, plasmapanels, and cathode ray tube displays. The input devices may include anydevice for entering information into the user's device that is availableand supported by the user's device, such as a touch-screen, keyboard,mouse, cursor-control device, touch-screen, microphone, digital camera,video recorder or camcorder. These devices may be used to enterinformation and interact with the software and other devices describedherein. In some examples, the first device 112 may include at least oneselected from the group of a mobile device, a wearable device, and akiosk.

System 100 may include a second application 115. Second application 115may comprise instructions for execution on a second device 117. Secondapplication 115 may be in communication with any components of system100. For example, second device 117 may execute one or moreapplications, such as second application 115, that enable, for example,network and/or data communications with one or more components of system100 and transmit and/or receive data. The second device 117 may includeone or more processors 116 coupled to memory 118. For example, seconddevice 117 may be a network-enabled computer. As referred to herein, anetwork-enabled computer may include, but is not limited to a computerdevice, or communications device including, e.g., a server, a networkappliance, a personal computer, a workstation, a phone, a handheld PC, apersonal digital assistant, a contactless card, a thin client, a fatclient, an Internet browser, or other device. Second device 117 also maybe a mobile device; for example, a mobile device may include an iPhone,iPod, iPad from Apple® or any other mobile device running Apple's iOS®operating system, any device running Microsoft's Windows® Mobileoperating system, any device running Google's Android® operating system,and/or any other smartphone, tablet, or like wearable mobile device.

The second device 117 may include processing circuitry and may containadditional components, including processors, memories, error andparity/CRC checkers, data encoders, anticollision algorithms,controllers, command decoders, security primitives and tamperproofinghardware, as necessary to perform the functions described herein. Thesecond device 117 may further include a display and input devices. Thedisplay may be any type of device for presenting visual information suchas a computer monitor, a flat panel display, and a mobile device screen,including liquid crystal displays, light-emitting diode displays, plasmapanels, and cathode ray tube displays. The input devices may include anydevice for entering information into the user's device that is availableand supported by the user's device, such as a touch-screen, keyboard,mouse, cursor-control device, touch-screen, microphone, digital camera,video recorder or camcorder. These devices may be used to enterinformation and interact with the software and other devices describedherein. In some examples, the second device 117 may include at least oneselected from the group of a mobile device, a wearable device, and akiosk.

System 100 may include a network 120. In some examples, network 120 maybe one or more of a wireless network, a wired network or any combinationof wireless network and wired network, and may be configured to connectto any one of components of system 100. For example, client devices 112,117 may be configured to connect to server 125 via network 120. In someexamples, network 120 may include one or more of a fiber optics network,a passive optical network, a cable network, an Internet network, asatellite network, a wireless local area network (LAN), a Global Systemfor Mobile Communication, a Personal Communication Service, a PersonalArea Network, Wireless Application Protocol, Multimedia MessagingService, Enhanced Messaging Service, Short Message Service, TimeDivision Multiplexing based systems, Code Division Multiple Access basedsystems, D-AMPS, Wi-Fi, Fixed Wireless Data, IEEE 802.11b, 802.15.1,802.11n and 802.11g, Bluetooth, NFC, Radio Frequency Identification(RFID), Wi-Fi, and/or the like.

In addition, network 120 may include, without limitation, telephonelines, fiber optics, IEEE Ethernet 902.3, a wide area network, awireless personal area network, a LAN, or a global network such as theInternet. In addition, network 120 may support an Internet network, awireless communication network, a cellular network, or the like, or anycombination thereof. Network 120 may further include one network, or anynumber of the exemplary types of networks mentioned above, operating asa stand-alone network or in cooperation with each other. Network 120 mayutilize one or more protocols of one or more network elements to whichthey are communicatively coupled. Network 120 may translate to or fromother protocols to one or more protocols of network devices. Althoughnetwork 120 is depicted as a single network, it should be appreciatedthat according to one or more examples, network 120 may comprise aplurality of interconnected networks, such as, for example, theInternet, a service provider's network, a cable television network,corporate networks, such as credit card association networks, and homenetworks.

Client devices 112, 117 may be in communication with one or more servers125 via one or more networks 120, and may operate as a respectivefront-end to back-end pair with server 125. Client devices 112, 117 maytransmit, for example from a mobile device application 110, 115executing thereon, one or more requests to server 125. The one or morerequests may be associated with retrieving data from server 125. Server125 may receive the one or more requests from client devices 112, 117.Based on the one or more requests from client applications 110, 115,server 125 may be configured to retrieve the requested data. Server 125may be configured to transmit the received data to client applications110, 115, the received data being responsive to one or more requests.

System 100 may include one or more servers 125. In some examples, server125 may include one or more processors 127 coupled to memory 129. Server125 may be configured as a central system, server or platform to controland call various data at different times to execute a plurality ofworkflow actions. Server 125 may be configured to connect to one orclient devices 112, 117. Server 125 may be in data communication withthe client applications 110, 115. For example, a server 125 may be indata communication with the client applications 110, 115 via one or morenetworks 120.

System 100 may include one or more databases 130. The database 130 maycomprise a relational database, a non-relational database, or otherdatabase implementations, and any combination thereof, including aplurality of relational databases and non-relational databases. In someexamples, the database 130 may comprise a desktop database, a mobiledatabase, or an in-memory database. Further, the database 130 may behosted internally by the devices 112, 117 or the database 130 may behosted externally to the devices 112, 117, such as by a server 125, by acloud-based platform, or in any storage device that is in datacommunication with the devices 112, 117. In some examples, database 130may be in data communication with any number of components of system100. For example, server 125 may be configured to retrieve the requesteddata from the database 130 that is transmitted by applications 110, 115.Server 125 may be configured to transmit the received data from database130 to client applications 110, 115 via network 120, the received databeing responsive to the transmitted one or more requests. In otherexamples, client applications 110, 115 may be configured to transmit oneor more requests for the requested data from database 130 via network120.

In some examples, exemplary procedures in accordance with the presentdisclosure described herein can be performed by a processing arrangementand/or a computing arrangement (e.g., computer hardware arrangement).Such processing/computing arrangement can be, for example entirely or apart of, or include, but not limited to, a computer/processor that caninclude, for example one or more microprocessors, and use instructionsstored on a computer-accessible medium (e.g., RAM, ROM, hard drive, orother storage device). For example, a computer-accessible medium can bepart of the memory of the client devices 112, 117 and/or server 125 orother computer hardware arrangement.

In some examples, a computer-accessible medium (e.g., as describedherein above, a storage device such as a hard disk, floppy disk, memorystick, CD-ROM, RAM, ROM, etc., or a collection thereof) can be provided(e.g., in communication with the processing arrangement). Thecomputer-accessible medium can contain executable instructions thereon.In addition or alternatively, a storage arrangement can be providedseparately from the computer-accessible medium, which can provide theinstructions to the processing arrangement so as to configure theprocessing arrangement to execute certain exemplary procedures,processes, and methods, as described herein above, for example.

In some examples, the transmitting device 105 may comprise acontact-based card. For example, the contact-based card may beconfigured to transmit, after establishing a connection with a device, alink to initiate data transfer. The link may comprise, for example, aURL, IRL, URI, or URN. Without limitation, the contact-based card may beconfigured to establish physical contact with a card reader of clientdevice 112 (e.g., a chip reader or a magnetic stripe reader). The cardreader may be integral, within, or external to the client device 112.

In other examples, the transmitting device 105 may comprise acontactless card. For example, the contactless card may be configuredto, after entering a communication field, transmit to the firstapplication 110, a link to initiate data transfer. The link maycomprise, for example, a URL, IRL, URI, or URN. In some examples, thecontactless card may enter the communication field of client device 112via one or more gestures selected from the group of a tap, swipe, wave,or any combination thereof.

In some examples, the user may be identified based on a mobile networkoperator (MNO) lookup. In other examples, the user may be identifiedbased on one or more cookies associated with prior account logins, e.g.,logins to an account associated with the transmitting device, a separateaccount associated with the user, and/or other accounts. The link maycomprise a near field communication data exchange format uniformresource locator (NDEF URL) and can be configured to invoke one or moreactions or applications. In one example, the link may be configured toinvoke a website, which can include causing a browser or other viewingapplication executing on client device 112 or another device to accessand display a website and/or to cause the website to perform one or moreactions (e.g., to display or submit information). In another example,the link may be configured to invoke an application executing on clientdevice 112 or a separate device.

The link may comprise a first set of information and a second set ofinformation. For example, the first set of information may includeidentifier information. The first set of information may comprise anabstracted user name generated by the processor after entry of thetransmitting device 105 into the communication field. For example, theabstracted identification information may be generated for eachtransaction, in the form of, e.g., the dynamically generated URL.Without limitation, the identification information may be generated onthe card by combining a unique identifier with one or more variables,such as a counter, one or more cryptographic algorithms, and/or anycombination thereof. For example, the one or more cryptographicalgorithms may include an encryption technique, such as public orprivate key encryption, that would also be known by a server, such asserver 125, for authentication. Without limitation, exemplary symmetrickey algorithms may include symmetric key encryption such as DES, TripleDES, or AES. Without limitation, exemplary asymmetric key algorithms mayinclude asymmetric public key encryption, digital signature algorithm,or RSA. For example, the second set of information may include userinformation, such as cardholder information (e.g., account owner name,account number, expiration date, card verification value). The firstapplication 110 may be configured to identify a user associated with thefirst device 112 by activating one or more actions based on the link.The one or more actions may be configured to request confirmation of athird set of information associated with the data transfer. The thirdset of information may include at least one selected from the group of aquantity, digital asset, and recipient information.

In some examples, at least one action may comprise launching a websiteconfigured to identify the user associated with the first device 112.Server 125 may be configured to identify the user associated with thefirst device 112 by at least one selected from the group of devicefingerprinting of the first device 112 and a cookie stored on the firstdevice 112. Without limitation, device fingerprinting may be based on atleast one selected from the group of device configuration, devicememory, device screen size, device operating system version,applications installed, phone carrier provider, third party cookies forwebsites, phone number tracking through mobile network operator (MNO)lookup, browser type, browser language, IP address, and/or anycombination thereof of the first device 112. The website may beconfigured to display the second set of information and the third set ofinformation on first device 112. After a successful identification ofthe user or owner of the first device 112, the website may be configuredto load predetermined information including the second set ofinformation. In some examples, the predetermined information maycomprise user information, such as cardholder information. In someexamples, this information may be embedded in and passed via the NDEFURL when the transmitting device 105 enters the communication field. Thewebsite may be further configured to allow a quantity to be specified,including but not limited to an amount. The website may be furtherconfigured to submit the transfer by selection of a button. Moreover,the website may be further configured to adjust recipient and/ortransferor of the data transfer. For example, the directionality of thedata transfer may be reversed. In some examples, by adjusting thedirectionality of the transfer, such as from transferor to recipient orfrom recipient to transferor, a corresponding message such as a pushnotification or email may be generated so as to indicate confirmation ofthe desired reversed directionality of the transfer. In some examples,the corresponding message may be displayed by the first application 110and/or second application 115.

The second application 115 may be configured to transmit one or moreresponses associated with authentication and confirmation of the thirdset of information so as to complete the data transfer. In someexamples, the second application 115 may be configured to receive anotification from first application 110, the notification requiring theone or more responses associated with confirmation of the third set ofinformation. The second application 115 may be configured to perform oneor more authentication communications associated with confirmation ofthe third set of information. For example, the data transfer may becompleted upon verification of a received response and confirmation ofthe third set of information associated with the data transfer. In someexamples, the one or more authentication communications may include atleast one selected from the group of biometric communication and logincommunication.

In other examples, at least one action may comprise requesting, by thefirst application 110, one or more login credentials. The firstapplication 110 may be configured to, upon submission of the requestedone or more login credentials and upon authentication of the one or morelogin credentials, deep link to a screen with the second set ofinformation and the third set of information. By way of example, deeplinking described herein may refer to the NDEF URL being configured tolink to a specific, generally searchable or indexed, portion of webcontent on a website, rather than a website's home page. The third setof information may include at least one selected from the group of aquantity, digital asset, and recipient information. In some examples,the second application 115 may be configured to receive a notification,the notification requiring the one or more responses associated withconfirmation of the third set of information. The second application 115may be configured to perform one or more authentication communicationsassociated with confirmation of the third set of information. In someexamples, the one or more authentication communications may include anauthentication input. Exemplary authentication inputs can include,without limitation, entry of login credentials, account information,security information, biometric information and a combination thereof(e.g., entry of a user name, a password, an account number, a securitycode, a one-time passcode, an answer to a security question, afingerprint, a facial scan, a retinal scan, a voice recognition, andlogging into an application or website associated with an account orcard-issuing institution).

The device associated with the transmitting device 105 user, such as thesecond application 115 of the second device 117 associated with acardholder, may be configured to receive a notification, including butnot limited to a push notification or email, that acts as a secondconfirmation of the amount, digital asset, and transfer recipient. Toconfirm the data transfer, the cardholder may select a button to take anaction that is responsive to the requested authentication communication,such as providing an authentication input. Upon authentication of thelogin via the received authentication input, the transfer may beconfirmed. In this manner, the peer-to-peer transfer would be for anauthenticated user, after the confirmation, since the transfer is to aknown recipient.

In some examples, the peer-to-peer transfer may comprise issuance ofcredit. The credit may be in accord with one or more spendingrestrictions. For example, the one or more spending restrictions mayinclude a time limit, amount limit, geographic limit, merchant type,merchant limit, and/or any combination thereof. In some examples, theissuance of credit may be associated with one or more rewards and/orpoints. For example, the rewards and/or points may be issued and therebyadded to a user reward or loyalty point program if the credit is used ata particular merchant, such as a restaurant, at a particular time, suchas on the weekends. For example, the rewards and/or points may beadjusted for each of the transferor and the transferee, and may beadjusted based on redemption of the credit. For example, the rewardsand/or points may be issued and thereby added to a user reward orloyalty point program if the credit is used at a particular merchant,such as a restaurant, and/or at a particular time, such as on theweekends. When the recipient or transferee uses the credit, thetransferor may still accrue the rewards and/or points.

In other examples, the peer-to-peer transfer may comprise transfer ofone or more digital assets. Without limitation, the digital asset maycomprise an image or a document. Without limitation, the format type ofthe digital asset may include at least one selected from the group of astatic image file (such as JPEG, PNG, SVG), a static document file (suchas PDF, PSD), an animated file (such as GIF, SWF), and web code (such asHTML, CSS, JavaScript). The one or more digital assets may be identifiedfor transfer. For example, the digital asset may be securely transmittedby launching a website and uploading the identified digital asset fortransfer. In another example, the digital asset may be securelytransmitted by opening an application or launching an email client inwhich the identified digital asset may be included as an attachment. Inanother example, digital asset may be identified as part of a uniformresource locator (URL) that is transmitted for retrieving the identifieddigital asset.

In other examples, the peer-to-peer transfer may comprise a fundstransfer, such as a cash transfer. As with the issuance of credit, thefunds transfer may be subject to one or more spending restrictionsand/or one or more merchants. For example, the funds transfer may besubject to a restriction based on time limit, amount limit, geographiclimit, merchant type, merchant limit, and/or any combination thereof. Insome examples, the funds transfer may include a plurality of portions.For example, a first portion of the funds transfer may be transmittedprior to a second portion of the funds transfer. Any portion of thefunds transfer may be transmitted at a predetermined time, including butnot limited to a day, time, week, month, and/or any combination thereof.In this manner, the funds transfer may be transmitted in aggregate untilsatisfaction of the entire funds transfer.

In other examples, the peer-to-peer transfer may comprise issuance of avirtual gift card. As with the issuance of credit, the virtual gift cardmay be subject to one or more spending restrictions and/or one or moremerchants. For example, the virtual gift card may be subject to timelimit, amount limit, geographic limit, merchant type, merchant limit,and/or any combination thereof. In some examples, the peer-to-peertransfer may include a plurality of portions associated with variousamounts of the virtual gift card. For example, a first portion of thepeer-to-peer transfer may be transmitted prior to a second portion ofthe peer-to-peer transfer. Any portion of the transfer may betransmitted at a predetermined time, including but not limited to a day,time, week, month, and/or any combination thereof.

FIG. 2A illustrates one or more transmitting devices 200. Transmittingdevice 200 may reference the same or similar components of transmittingdevice or contactless card 105, as explained above with respect toFIG. 1. Although FIGS. 2A and 2B illustrate single instances ofcomponents of transmitting device 200, any number of components may beutilized.

Transmitting device 200 may be configured to communicate with one ormore components of system 100. Transmitting device 200 may comprise acontact-based card or contactless card, which may comprise a paymentcard, such as a credit card, debit card, or gift card, issued by aservice provider 205 displayed on the front or back of the card 200. Insome examples, the contactless card 200 is not related to a paymentcard, and may comprise, without limitation, an identification card, amembership card, and a transportation card. In some examples, thepayment card may comprise a dual interface contactless payment card. Thecontactless card 200 may comprise a substrate 210, which may include asingle layer or one or more laminated layers composed of plastics,metals, and other materials. Exemplary substrate materials includepolyvinyl chloride, polyvinyl chloride acetate, acrylonitrile butadienestyrene, polycarbonate, polyesters, anodized titanium, palladium, gold,carbon, paper, and biodegradable materials. In some examples, thecontactless card 200 may have physical characteristics compliant withthe ID-1 format of the ISO/IEC 7810 standard, and the contactless cardmay otherwise be compliant with the ISO/IEC 14443 standard. However, itis understood that the contactless card 200 according to the presentdisclosure may have different characteristics, and the presentdisclosure does not require a contactless card to be implemented in apayment card.

The contactless card 200 may also include identification information 215displayed on the front and/or back of the card, and a contact pad 220.The contact pad 220 may be configured to establish contact with anothercommunication device, including but not limited to a user device, smartphone, laptop, desktop, or tablet computer. The contactless card 200 mayalso include processing circuitry, antenna and other components notshown in FIG. 2A. These components may be located behind the contact pad220 or elsewhere on the substrate 210. The contactless card 200 may alsoinclude a magnetic strip or tape, which may be located on the back ofthe card (not shown in FIG. 2A).

As illustrated in FIG. 2B, the contact pad 220 of FIG. 2A may includeprocessing circuitry 225 for storing and processing information,including a microprocessor 230 and a memory 235. It is understood thatthe processing circuitry 225 may contain additional components,including processors, memories, error and parity/CRC checkers, dataencoders, anticollision algorithms, controllers, command decoders,security primitives and tamperproofing hardware, as necessary to performthe functions described herein.

The memory 235 may be a read-only memory, write-once read-multiplememory or read/write memory, e.g., RAM, ROM, and EEPROM, and thecontactless card 200 may include one or more of these memories. Aread-only memory may be factory programmable as read-only or one-timeprogrammable. One-time programmability provides the opportunity to writeonce then read many times. A write once/read-multiple memory may beprogrammed at a point in time after the memory chip has left thefactory. Once the memory is programmed, it may not be rewritten, but itmay be read many times. A read/write memory may be programmed andre-programed many times after leaving the factory. It may also be readmany times.

The memory 235 may be configured to store one or more applets 240, oneor more counters 245, and a customer identifier 250. The one or moreapplets 240 may comprise one or more software applications configured toexecute on one or more contactless cards, such as Java Card applet.However, it is understood that applets 240 are not limited to Java Cardapplets, and instead may be any software application operable oncontactless cards or other devices having limited memory. The one ormore counters 245 may comprise a numeric counter sufficient to store aninteger. The customer identifier 250 may comprise a unique alphanumericidentifier assigned to a user of the contactless card 200, and theidentifier may distinguish the user of the contactless card from othercontactless card users. In some examples, the customer identifier 250may identify both a customer and an account assigned to that customerand may further identify the contactless card associated with thecustomer's account.

The processor and memory elements of the foregoing exemplary embodimentsare described with reference to the contact pad, but the presentdisclosure is not limited thereto. It is understood that these elementsmay be implemented outside of the pad 220 or entirely separate from it,or as further elements in addition to processor 230 and memory 235elements located within the contact pad 220.

In some examples, the contactless card 200 may comprise one or moreantennas 255. The one or more antennas 255 may be placed within thecontactless card 200 and around the processing circuitry 225 of thecontact pad 220. For example, the one or more antennas 255 may beintegral with the processing circuitry 225 and the one or more antennas255 may be used with an external booster coil. As another example, theone or more antennas 255 may be external to the contact pad 220 and theprocessing circuitry 225.

In an embodiment, the coil of contactless card 200 may act as thesecondary of an air core transformer. The terminal may communicate withthe contactless card 200 by cutting power or amplitude modulation. Thecontactless card 200 may infer the data transmitted from the terminalusing the gaps in the contactless card's power connection, which may befunctionally maintained through one or more capacitors. The contactlesscard 200 may communicate back by switching a load on the contactlesscard's coil or load modulation. Load modulation may be detected in theterminal's coil through interference.

FIG. 3 depicts a method 300 of authenticating data transfer. FIG. 3 mayreference the same or similar components of system 100, and transmittingdevice 200 of FIG. 2A and FIG. 2B.

At block 310, the method 300 may include transmitting, after one or moreprocessors of a transmitting device entering a communication field, alink to a first application comprising instructions for execution on afirst device, the link configured to initiate data transfer, the linkcomprising a near field communication data exchange format uniformresource locator including identifier data and cardholder data. In someexamples, the transmittal of the link may occur after dynamicallygenerating the link. In some examples, the transmitting device may enterthe communication field of a client device via one or more gesturesselected from the group of a tap, swipe, wave, or any combinationthereof. In some examples, the user may be identified based on a mobilenetwork operator (MNO) lookup. In other examples, the user may beidentified based on one or more cookies associated with prior accountlogins, e.g., logins to an account associated with the transmittingdevice, a separate account associated with the user, and/or otheraccounts.

The link may comprise a near field communication data exchange formatuniform resource locator (NDEF URL). The link may comprise a first setof information and a second set of information. The first set ofinformation may include identifier information. For example, the firstset of information may comprise an abstracted user name generated by theprocessor after entry of the transmitting device into the communicationfield. For example, the abstracted identification information may begenerated for each transaction, such as the dynamically generated URL.Without limitation, the identification information may be generated onthe card by combining a unique identifier with one or more variables,such as a counter, one or more cryptographic algorithms, and/or anycombination thereof. For example, the one or more cryptographicalgorithms may include an encryption technique, such as public orprivate key encryption, that would also be known by a server forauthentication. Without limitation, exemplary symmetric key algorithmsmay include symmetric key encryption such as DES, Triple DES, or AES.Without limitation, exemplary asymmetric key algorithms may includeasymmetric public key encryption, digital signature algorithm, or RSA.For example, the second set of information may include user information,such as cardholder information. In some examples, the second set ofinformation may include cardholder information (e.g., account ownername, account number, expiration date, card verification value).

At block 320, the method 300 may include authenticating a userassociated with the first device by activating one or more actions basedon the link. The one or more actions may be configured to requestconfirmation of a third set of information associated with the datatransfer. The third set of information may include at least one selectedfrom the group of a quantity, digital asset, and recipient information.In some examples, at least one action may comprise launching a websiteconfigured to identify the user associated with the first device. Inother examples, at least one action may comprise requesting, by thefirst application, one or more login credentials.

At block 330, the method 300 may include transmitting one or morerequests for confirmation of quantity, digital asset, and recipient dataassociated with the data transfer. For example, the first applicationmay be configured to receive input indicative of confirmation of thequantity, such as an amount, digital asset, and recipient data, such asrecipient, of the peer-to-peer transfer that are associated with thethird set of information of block 320.

At block 340, the method 300 may include receiving one or morenotifications that are based on the one or more requests forconfirmation of quantity, digital asset, and recipient data associatedwith the data transfer. The device associated with the transmittingdevice user, such as the second application of the second deviceassociated with a cardholder, may be configured to receive anotification, including but not limited to a push notification or email,that acts as a second confirmation of the amount, digital asset, andtransfer recipient.

At block 350, the method 300 may include performing one or more logincredentials that are responsive to the one or more notifications so asto complete the data transfer. For example, one or more authenticationinputs may be received to complete the data transfer. The authenticationinput may be responsive to the one or more notifications. To confirm thedata transfer, the cardholder may select a button to take an action thatis responsive to the one or more requests and based on the one or morenotifications, such as the requested authentication communicationincluding but an authentication input. Exemplary authentication inputscan include, without limitation, entry of login credentials, accountinformation, security information, biometric information and acombination thereof (e.g., entry of a user name, a password, an accountnumber, a security code, a one-time passcode, an answer to a securityquestion, a fingerprint, a facial scan, a retinal scan, a voicerecognition, and logging into an application or website associated withan account or card-issuing institution). Upon authentication of thelogin via the received authentication input, the transfer may beconfirmed. In addition, the directionality of the data transfer may bereversed. In some examples, by adjusting the directionality of thetransfer, such as from transferor to recipient or from recipient totransferor, a corresponding message such as a push notification or emailmay be generated so as to indicate confirmation of the desired reverseddirectionality of the transfer. In some examples, the correspondingmessage may be displayed by the first application and/or secondapplication. In this manner, the peer-to-peer transfer would be for anauthenticated user, after the confirmation, since the transfer is to aknown recipient.

In some examples, the peer-to-peer transfer may comprise issuance ofcredit. The credit may be in accord with one or more spendingrestrictions. For example, the one or more spending restrictions mayinclude a time limit, amount limit, geographic limit, merchant type,merchant limit, and/or any combination thereof.

In some examples, the peer-to-peer transfer may be associated with oneor more rewards and/or points. For example, the rewards and/or pointsmay be adjusted for each of the transferor and the transferee, and maybe adjusted based on redemption of the credit. For example, the rewardsand/or points may be issued and thereby added to a user reward orloyalty point program if the credit is used at a particular merchant,such as a restaurant, and/or at a particular time, such as on theweekends. When the recipient or transferee uses the credit, thetransferor may still accrue the rewards and/or points. In some examples,the peer-to-peer transfer may include a plurality of portions. Forexample, a first portion of the peer-to-peer transfer may be transmittedprior to a second portion of the peer-to-peer transfer. For example, afirst portion may comprise one or more rewards, and a second portion maycomprise one or more points. Any portion of the transfer may betransmitted at a predetermined time, including but not limited to a day,time, week, month, and/or any combination thereof.

In other examples, the peer-to-peer transfer may comprise transfer ofone or more digital assets. Without limitation, the digital asset maycomprise an image or a document. Without limitation, the format type ofthe digital asset may include at least one selected from the group of astatic image file (such as JPEG, PNG, SVG), a static document file (suchas PDF, PSD), an animated file (such as GIF, SWF), and web code (such asHTML, CSS, JavaScript). The one or more digital assets may be identifiedfor transfer. For example, the digital asset may be securely transmittedby launching a website and uploading the identified digital asset fortransfer. In another example, the digital asset may be securelytransmitted by opening an application or launching an email client inwhich the identified digital asset may be included as an attachment. Inanother example, the digital asset may be digital asset may beidentified as part of a uniform resource locator (URL) that istransmitted for retrieving the identified digital asset.

In other examples, the peer-to-peer transfer may comprise a fundstransfer, such as a cash transfer. As with the issuance of credit, thefunds transfer may be subject to one or more spending restrictionsand/or one or more merchants. For example, the funds transfer may besubject to a restriction based on time limit, amount limit, geographiclimit, merchant type, merchant limit, and/or any combination thereof. Insome examples, the funds transfer may include a plurality of portions.For example, a first portion of the funds transfer may be transmittedprior to a second portion of the funds transfer. Any portion of thefunds transfer may be transmitted at a predetermined time, including butnot limited to a day, time, week, month, and/or any combination thereof.In this manner, the funds transfer may be transmitted in aggregate untilsatisfaction of the entire funds transfer.

In other examples, the peer-to-peer transfer may comprise issuance of avirtual gift card. As with the issuance of credit, the virtual gift cardmay be subject to one or more spending restrictions and/or one or moremerchants. For example, the virtual gift card may be subject to a timelimit, amount limit, geographic limit, merchant type, merchant limit,and/or any combination thereof. In some examples, the peer-to-peertransfer may include a plurality of portions associated with variousamounts of the virtual gift card. For example, a first portion of thepeer-to-peer transfer may be transmitted prior to a second portion ofthe peer-to-peer transfer. Any portion of the transfer may betransmitted at a predetermined time, including but not limited to a day,time, week, month, and/or any combination thereof.

FIG. 4 depicts a method of initiating and authenticating data transferaccording to an exemplary embodiment. FIG. 4 may reference the same orsimilar components of system 100, transmitting device 200 of FIG. 2A andFIG. 2B, and method 300 of FIG. 3. As illustrated in FIG. 4, apeer-to-peer transfer may be initiated by the card entering acommunication field of a user device and loading a website.

At block 405, the method 400 may include the card entering acommunication field of the user device, including but not limited to viaone or more gestures selected from the group of a tap, swipe, wave, orany combination thereof. This communication may include but not belimited to NFC. At block 410, the method 400 may include loading awebsite via the NDEF URL to identify the user of the user device afterthe entry of the card into the communication field of the user device.In some examples, the card may be configured to transmit, after enteringthe communication field of block 405, a link to a client application ofone or more user devices to initiate data transfer. In some examples,the transmittal of the link may occur after dynamically generating thelink. In some examples, the client application may be associated withthe issuing entity of the transmitting device or card. In otherexamples, the client application may not be associated with the issuingentity of the transmitting device or card. For example, the clientapplication may be associated with a third party entity or an entityexternal to the issuing entity of the transmitting device or card.

In some examples, the NDEF URL may comprise a domain name and anidentifier. For example, the link may include abstracted identificationinformation, including but not limited to an account or user identifierfor a cardholder, that is loaded onto the chip at the time ofpersonalization of the card. For example, the URL may be encoded in aNDEF file at card embossing time. The abstracted identificationinformation may be generated for each transaction, such as thedynamically generated URL. Without limitation, the identificationinformation may be generated on the card by combining a uniqueidentifier with one or more variables, such as a counter, one or morecryptographic algorithms, and/or any combination thereof. For example,the one or more cryptographic algorithms may include an encryptiontechnique, such as public or private key encryption, that would also beknown by a server for authentication. Without limitation, exemplarysymmetric key algorithms may include symmetric key encryption such asDES, Triple DES, or AES. Without limitation, exemplary asymmetric keyalgorithms may include asymmetric public key encryption, digitalsignature algorithm, or RSA.

At block 415, the method 400 may include identifying the user via devicefingerprinting, and may be based on, without limitation, at least oneselected from the group of device configuration, device memory, devicescreen size, device operating system version, applications installed,phone carrier provider, third party cookies for websites, phone numbertracking through MNO lookup, browser type, browser language, IP address,and/or any combination thereof of a device.

At block 420, the method may include prompting user login to identifythe user if the website is unable to identify the user via cookies ordevice fingerprinting. For example, if the website cannot successfullyidentify the user via at least one selected from the group of operatingsystem, browser type, browser language, IP address, the user may receivea notification, generated by the server, indicative of unsuccessfulnotification and/or may be prompted by the application to input logininformation in order to successfully identify the user and that isresponsive to the unsuccessful notification.

At block 425, the method 400 may include loading predeterminedinformation after identifying the user. In some examples, thepredetermined information may be any information associated with thecardholder that is already filled out or otherwise provided on thewebsite via being embedded directly in the NDEF URL. The website may befurther configured to submit the transfer by selection of a button.Moreover, the website may be further configured to adjust recipientand/or transferor of the data transfer. For example, the directionalityof the data transfer may be reversed. In some examples, by adjusting thedirectionality of the transfer, such as from transferor to recipient orfrom recipient to transferor, a corresponding message such as a pushnotification or email may be generated so as to indicate confirmation ofthe desired reversed directionality of the transfer. In some examples,the corresponding message may be displayed by the first applicationand/or second application.

At block 430, the method 400 may include entering quantity and recipientdata for the peer-to-peer transfer prior to transfer submission. Atblock 435, the method 400 may include receiving an email or pushnotification to confirm the peer-to-peer transfer. For example, thecardholder may be associated with a user device. The application of userdevice may be configured to receive the notification. At block 440,responsive to receipt of the notification, the notification may beopened or displayed so as to prompt a log in or request biometric inputto verify that the user initiated the transfer. In some examples, theprompt may include a request for one or more authentication inputs. Forexample, exemplary authentication inputs can include, withoutlimitation, entry of login credentials, account information, securityinformation, biometric information and a combination thereof (e.g.,entry of a user name, a password, an account number, a security code, aone-time passcode, an answer to a security question, a fingerprint, afacial scan, a retinal scan, a voice recognition, and logging into anapplication or website associated with an account or card-issuinginstitution).

At block 445, after verification of the one or more authenticationinputs, the peer-to-peer transfer between the cardholder and the seconduser may be scheduled. In some examples, the peer-to-peer transfer maybe scheduled at a predetermined time, such as at a predetermined day,time, week, month, and/or year. In other examples, the peer-to-peertransfer may be scheduled instantly. In this manner, the peer-to-peertransfer may be scheduled or placed in queue for transaction withouthaving to identify the person and downloading and signing up fordifferent applications. In addition, the directionality of the datatransfer may be reversed. In some examples, by adjusting thedirectionality of the transfer, such as from transferor to recipient orfrom recipient to transferor, a corresponding message such as a pushnotification or email may be generated so as to indicate confirmation ofthe desired reversed directionality of the transfer. In some examples,the corresponding message may be displayed by the first applicationand/or second application. In this manner, the peer-to-peer transferwould be for an authenticated user, after the confirmation, since thetransfer is to a known recipient.

In some examples, the peer-to-peer transfer may comprise issuance ofcredit. The credit may be in accord with one or more spendingrestrictions. For example, the one or more spending restrictions mayinclude a time limit, amount limit, geographic limit, merchant type,merchant limit, and/or any combination thereof. In some examples, theissuance of credit may be associated with one or more rewards and/orpoints. For example, the rewards and/or points may be issued and therebyadded to a user reward or loyalty point program if the credit is used ata particular merchant, such as a restaurant, at a particular time, suchas on the weekends. For example, the rewards and/or points may beadjusted for each of the transferor and the transferee, and may beadjusted based on redemption of the credit. For example, the rewardsand/or points may be issued and thereby added to a user reward orloyalty point program if the credit is used at a particular merchant,such as a restaurant, and/or at a particular time, such as on theweekends. When the recipient or transferee uses the credit, thetransferor may still accrue the rewards and/or points.

In other examples, the peer-to-peer transfer may comprise transfer ofone or more digital assets. Without limitation, the digital asset maycomprise an image or a document. Without limitation, the format type ofthe digital asset may include at least one selected from the group of astatic image file (such as JPEG, PNG, SVG), a static document file (suchas PDF, PSD), an animated file (such as GIF, SWF), and web code (such asHTML, CSS, JavaScript). The one or more digital assets may be identifiedfor transfer. For example, the digital asset may be securely transmittedby launching a website and uploading the identified digital asset fortransfer. In another example, the digital asset may be securelytransmitted by opening an application or launching an email client inwhich the identified digital asset may be included as an attachment. Inanother example, the digital asset may be digital asset may beidentified as part of a uniform resource locator (URL) that istransmitted for retrieving the identified digital asset.

In other examples, the peer-to-peer transfer may comprise a fundstransfer, such as a cash transfer. As with the issuance of credit, thefunds transfer may be subject to one or more spending restrictionsand/or one or more merchants. For example, the funds transfer may besubject to a restriction based on time limit, amount limit, geographiclimit, merchant type, merchant limit, and/or any combination thereof. Insome examples, the funds transfer may include a plurality of portions.For example, a first portion of the funds transfer may be transmittedprior to a second portion of the funds transfer. Any portion of thefunds transfer may be transmitted at a predetermined time, including butnot limited to a day, time, week, month, and/or any combination thereof.In this manner, the funds transfer may be transmitted in aggregate untilsatisfaction of the entire funds transfer.

In other examples, the peer-to-peer transfer may comprise issuance of avirtual gift card. As with the issuance of credit, the virtual gift cardmay be subject to one or more spending restrictions and/or one or moremerchants. For example, the virtual gift card may be subject to timelimit, amount limit, geographic limit, merchant type, merchant limit,and/or any combination thereof. In some examples, the peer-to-peertransfer may include a plurality of portions associated with variousamounts of the virtual gift card. For example, a first portion of thepeer-to-peer transfer may be transmitted prior to a second portion ofthe peer-to-peer transfer. Any portion of the transfer may betransmitted at a predetermined time, including but not limited to a day,time, week, month, and/or any combination thereof.

FIG. 5 depicts another method of initiating and authenticating datatransfer according to an exemplary embodiment. FIG. 5 may reference thesame or similar components of system 100, transmitting device 200 ofFIG. 2A and FIG. 2B, method 300 of FIG. 3, and method 400 of FIG. 4. Asillustrated in FIG. 5, a peer-to-peer transfer may be initiated by thecard entering a communication field to a user device and deep linkinginto an application.

At block 505, the method may include the card entering a communicationfield of the user device, including but not limited to via one or moregestures selected from the group of a tap, swipe, wave, or anycombination thereof. This communication may include but not be limitedto near-field communication (NFC). At block 510, the method may includelaunching an application of a user device via the near fieldcommunication data exchange format (NDEF URL) after the entry of thecard into the communication field of the user device. In some examples,the transmittal of the NDEF URL may occur after dynamically generatingthe NDEF URL. In some examples, the application may be associated withthe issuing entity of the transmitting device. In other examples, theapplication may not be associated with the issuing entity of thetransmitting device. For example, the application may be associated witha third party entity or an entity external to the issuing entity of thetransmitting device. At block 515, the method may include deep linkingby the application to a peer-to-peer transfer screen includingpredetermined information. In some examples, the predeterminedinformation may be any information associated with the cardholder thatis already filled out or otherwise via being embedded directly in theNDEF URL. In some examples, the application may be configured to, priorto deep linking, prompt the user to log in. In other examples, theapplication may be configured to, after deep linking, prompt the user tolog in. In some examples, the log in, prior to deep linking, may be thesame or different as the log in required after deep linking. Moreover,exemplary authentication inputs can include, without limitation, entryof login credentials, account information, security information,biometric information and a combination thereof (e.g., entry of a username, a password, an account number, a security code, a one-timepasscode, an answer to a security question, a fingerprint, a facialscan, a retinal scan, a voice recognition, and logging into anapplication or website associated with an account or card-issuinginstitution). At block 520, the method may include entering quantity andrecipient data for the peer-to-peer transfer before the transfer issubmitted. At block 525, the method may include receiving an email orpush notification to confirm the peer-to-peer transfer. For example, thecardholder may be associated with a user device. The user device or itsapplication may be configured to receive the notification. At block 530,responsive to receipt of the notification, the notification may beopened or displayed so as to prompt the authentication input to verifythat the user initiated the transfer. At block 535, after verification,the peer-to-peer transfer between the cardholder and the second user maybe scheduled. In some examples, the peer-to-peer transfer may bescheduled at a predetermined time, such as at a predetermined day, time,week, month, and/or year. In other examples, the peer-to-peer transfermay be scheduled instantly. In this manner, the peer-to-peer transfermay be scheduled or placed in queue for transaction without having toidentify the person and downloading and signing up for differentapplications. In addition, the directionality of the data transfer maybe reversed. In some examples, by adjusting the directionality of thetransfer, such as from transferor to recipient or from recipient totransferor, a corresponding message such as a push notification or emailmay be generated so as to indicate confirmation of the desired reverseddirectionality of the transfer. In some examples, the correspondingmessage may be displayed by the first application and/or secondapplication. In this manner, the peer-to-peer transfer would be for anauthenticated user, after the confirmation, since the transfer is to aknown recipient.

In some examples, the peer-to-peer transfer may comprise issuance ofcredit. The credit may be in accord with one or more spendingrestrictions. For example, the one or more spending restrictions mayinclude a time limit, amount limit, geographic limit, merchant type,merchant limit, and/or any combination thereof. In some examples, theissuance of credit may be associated with one or more rewards and/orpoints. For example, the rewards and/or points may be issued and therebyadded to a user reward or loyalty point program if the credit is used ata particular merchant, such as a restaurant, at a particular time, suchas on the weekends. For example, the rewards and/or points may beadjusted for each of the transferor and the transferee, and may beadjusted based on redemption of the credit. For example, the rewardsand/or points may be issued and thereby added to a user reward orloyalty point program if the credit is used at a particular merchant,such as a restaurant, and/or at a particular time, such as on theweekends. When the recipient or transferee uses the credit, thetransferor may still accrue the rewards and/or points.

In other examples, the peer-to-peer transfer may comprise transfer ofone or more digital assets. Without limitation, the digital asset maycomprise an image or a document. Without limitation, the format type ofthe digital asset may include at least one selected from the group of astatic image file (such as JPEG, PNG, SVG), a static document file (suchas PDF, PSD), an animated file (such as GIF, SWF), and web code (such asHTML, CSS, JavaScript). The one or more digital assets may be identifiedfor transfer. For example, the digital asset may be securely transmittedby launching a website and uploading the identified digital asset fortransfer. In another example, the digital asset may be securelytransmitted by opening an application or launching an email client inwhich the identified digital asset may be included as an attachment. Inanother example, the digital asset may be digital asset may beidentified as part of a uniform resource locator (URL) that istransmitted for retrieving the identified digital asset.

In other examples, the peer-to-peer transfer may comprise a fundstransfer, such as a cash transfer. As with the issuance of credit, thefunds transfer may be subject to one or more spending restrictionsand/or one or more merchants. For example, the funds transfer may besubject to a restriction based on time limit, amount limit, geographiclimit, merchant type, merchant limit, and/or any combination thereof. Insome examples, the funds transfer may include a plurality of portions.For example, a first portion of the funds transfer may be transmittedprior to a second portion of the funds transfer. Any portion of thefunds transfer may be transmitted at a predetermined time, including butnot limited to a day, time, week, month, and/or any combination thereof.In this manner, the funds transfer may be transmitted in aggregate untilsatisfaction of the entire funds transfer.

In other examples, the peer-to-peer transfer may comprise issuance of avirtual gift card. As with the issuance of credit, the virtual gift cardmay be subject to one or more spending restrictions and/or one or moremerchants. For example, the virtual gift card may be subject to timelimit, amount limit, geographic limit, merchant type, merchant limit,and/or any combination thereof. In some examples, the peer-to-peertransfer may include a plurality of portions associated with variousamounts of the virtual gift card. For example, a first portion of thepeer-to-peer transfer may be transmitted prior to a second portion ofthe peer-to-peer transfer. Any portion of the transfer may betransmitted at a predetermined time, including but not limited to a day,time, week, month, and/or any combination thereof.

In this specification, reference is made to types of resource locators,such as a URL, NDEF URL, IRL, URI, and URN. However, it is understoodthat these references are exemplary, and the present disclosureincludes, but is not limited to, the types of resource locatorsmentioned.

It is further noted that the systems and methods described herein may betangibly embodied in one of more physical media, such as, but notlimited to, a compact disc (CD), a digital versatile disc (DVD), afloppy disk, a hard drive, read only memory (ROM), random access memory(RAM), as well as other physical media capable of data storage. Forexample, data storage may include random access memory (RAM) and readonly memory (ROM), which may be configured to access and store data andinformation and computer program instructions. Data storage may alsoinclude storage media or other suitable type of memory (e.g., such as,for example, RAM, ROM, programmable read-only memory (PROM), erasableprogrammable read-only memory (EPROM), electrically erasableprogrammable read-only memory (EEPROM), magnetic disks, optical disks,floppy disks, hard disks, removable cartridges, flash drives, any typeof tangible and non-transitory storage medium), where the files thatcomprise an operating system, application programs including, forexample, web browser application, email application and/or otherapplications, and data files may be stored. The data storage of thenetwork-enabled computer systems may include electronic information,files, and documents stored in various ways, including, for example, aflat file, indexed file, hierarchical database, relational database,such as a database created and maintained with software from, forexample, Oracle® Corporation, Microsoft® Excel file, Microsoft® Accessfile, a solid state storage device, which may include a flash array, ahybrid array, or a server-side product, enterprise storage, which mayinclude online or cloud storage, or any other storage mechanism.Moreover, the figures illustrate various components (e.g., servers,computers, processors, etc.) separately. The functions described asbeing performed at various components may be performed at othercomponents, and the various components may be combined or separated.Other modifications also may be made.

In the preceding specification, various embodiments have been describedwith references to the accompanying drawings. It will, however, beevident that various modifications and changes may be made thereto, andadditional embodiments may be implemented, without departing from thebroader scope of the invention as set forth in the claims that follow.The specification and drawings are accordingly to be regarded as anillustrative rather than restrictive sense.

We claim:
 1. An authenticated peer-to-peer data transfer systemcomprising: a contactless card associated with a cardholder, comprisinga processor and a memory, wherein the processor is configured to:dynamically generate a unique near field communication data exchangeformat uniform resource locator (NDEF URL) after the contactless cardenters a communication field associated with a communication device of arecipient user distinct from the cardholder, the URL being operative tolaunch a website on the communication device, the website beingoperative to initiate and authenticate a peer-to-peer data transferbetween the recipient user and the cardholder, wherein the URLcomprises: a first set of information including abstracted identifierinformation generated, on the card, by combining a unique identifierwith one or more variables, the one or more variables comprising acounter, wherein the unique identifier, and the one more variables arestored on the contactless card, and a second set of informationincluding information associated with the cardholder loaded on to thecontactless card at the time of personalization of the card; transmitthe dynamically generated NOES URL, via near field communication (NEC)to the communication device, to initiate a data transfer associated witha third set of information, entered into the dynamically generatedwebsite based on one or more inputs provided by the recipient user;initiate the data transfer responsive to a confirmation of the third setof information via an authenticated response from the cardholder.
 2. Theauthenticated peer-to-peer data transfer system of claim 1, wherein oneor more actions, based on the NDEF URL, are configured to identify auser.
 3. The peer-to-peer authenticated data transfer system of claim 2,wherein at least one action from the one or more actions compriseslaunching a website configured to initiate the data transfer uponreceiving one or more valid authentication inputs from the communicationdevice associated with the recipient user and an authenticatedconfirmation from a computing device associated with the cardholder. 4.The peer-to-peer authenticated data transfer system of claim 3, whereinthe recipient user associated with the communication device isidentified by at least one selected from the group of devicefingerprinting and a cookie.
 5. The authenticated peer-to-peer datatransfer system of claim 4, wherein login information is requested upondetermination of an unsuccessful identification.
 6. The peer-to-peerauthenticated data transfer system of claim 4, wherein the website isconfigured to display the second set of information and the third set ofinformation.
 7. The peer-to-peer authenticated data transfer system ofclaim 6, wherein the authenticated confirmation from the computingdevice associated with the cardholder comprises one or more responsesassociated with confirmation of the third set of information.
 8. Thepeer-to-peer authenticated data transfer system of claim 7, wherein oneor more authentication communications associated with confirmation ofthe third set of information are performed, the one or moreauthentication communications including at least one selected from thegroup of biometric communication and login communication.
 9. Thepeer-to-peer authenticated data transfer system of claim 1, wherein thefirst set of information further includes an abstracted user namegenerated by the processor after entry of the contactless card into thecommunication field.
 10. The peer-to-peer authenticated data transfersystem of claim 3, wherein the communication device comprises at leastone selected from the group of a mobile device, a wearable device, and akiosk.
 11. The peer-to-peer authenticated data transfer system of claim2, wherein at least one action from the one or more actions comprisesrequesting one or more login credentials.
 12. The peer-to-peerauthenticated data transfer system of claim 11, wherein a deep link to ascreen including the second set of information and the third set ofinformation is provided upon validation of one or more authenticationsinputs from the recipient user and the cardholder.
 13. The peer-to-peerauthenticated data transfer system of claim 1, wherein the third set ofinformation includes at least one selected from the group of a quantity,digital asset, and recipient information.
 14. The peer-to-peerauthenticated data transfer system of claim 13, wherein a notificationcomprises the one or more responses associated with confirmation of thethird set of information.
 15. The peer-to-peer authenticated datatransfer system of claim 1, wherein the data transfer is scheduled at apredetermined time.
 16. A method of authenticating a peer-to-peer datatransfer, comprising: storing, on a contactless card comprising a memoryand a processor memory, a unique identifier, one or more account andidentity information associated with a cardholder, and one or morecryptographic algorithm; dynamically generating, after entry of theprocessors of the contactless card into a communication field of a firstdevice associated with a recipient, a link, the link comprising a nearfield communication data exchange format uniform resource locator (NDEFURL) including abstracted identifier information and the one or moreaccount and identity information associated with the cardholder, whereinthe abstracted identifier information is generated using the uniqueidentifier and the cryptographic algorithm; transmitting via near filedcommunication (NFC), to a first application comprising instructions forexecution on the first device, the link to initiate a data transfer,associated with the third set of information, wherein the third set ofinformation is entered into a website via one or more inputs provided bythe recipient via the first device, the website being launch, on thefirst device, in response to the link received from the contactless cardand displaying one or more account and identity information associatedwith the cardholder; authenticating a user associated with the firstdevice by activating one or more actions based on the link;transmitting, to a computing device associated with the cardholder, oneor more requests for confirmation of the third set of informationprovided by the recipient via the website launched on the first device,wherein the computing device and the first device are distinct devicesoperated by distinct users; receiving one or more notifications that arebased on the one or more requests for confirmation of the third set ofinformation associated with the data transfer; and performing one ormore login credentials that are responsive to the one or morenotifications so as to complete the peer-to-peer data transfer.
 17. Themethod of claim 16, wherein at least one action from the one or moreactions comprises requesting one or more login credentials.
 18. Acomputer readable non-transitory medium comprising computer-executableinstructions that, when executed by a processor, perform procedurescomprising the steps of: dynamically generating, after entry of acontactless card into a communication field, a link, the link comprisinga first set of information and a second set of information, the firstset of information including abstracted identifier information generatedby the contactless card using an identifier and a cryptographicalgorithm stored on the contactless card, the second set of informationincluding cardholder information loaded on to the contactless card atthe time of personalization of the card; transmitting, to a firstapplication comprising instructions for execution on a first device, thelink to initiate a data transfer associated with a third data setentered into the dynamically generated website based on one or moreinputs provided by the recipient user; identifying a user associatedwith the first device by activating one or more actions based on thelink, the one or more actions configured to request confirmation of thethird set of information associated with the data transfer; andtransmitting one or more responses based on authentication of the thirdset of information so as to complete the peer-to-peer data transferbetween the ser of the first device and the cardholder.
 19. The methodof claim 16, wherein the third set of information includes at least oneselected from the group of a quantity, digital asset, and informationassociated with the recipient.
 20. The method of claim 16, wherein thecardholder associated with the computing device is authenticated by atleast one selected from the group of device fingerprinting and a cookie.